Security researchers found on March 30 that the number of phishing websites targeting Pi Network’s second mainnet migration surged sharply. The scammers are widely distributing fake two-factor authentication (2FA) links, specifically targeting more than 119,000 pioneer users who have completed the second migration, in an attempt to trick them into entering a 24-word wallet seed phrase to steal assets.
Scam Workflow: How a phishing page can empty a wallet in an instant
The danger of this wave of attacks comes from its ability to disguise itself— the phishing page’s visual presentation is almost indistinguishable from the official Pi platform. The attack process typically goes as follows:
· Users receive a link that claims to help them complete 2FA verification; the source could be an SMS, a social media post, or a message disguised as a technical support notification. After clicking, users see a page that closely resembles the official interface and is asked to enter the complete 24-word seed phrase to “verify your identity.” Once the user enters the seed phrase, the scammers gain full control of the wallet and can complete asset transfers within milliseconds, leaving the victim with virtually no chance to stop it.
Officially reiterated: Pi Network’s seed phrase is the highest-level credential that controls the wallet, and under no circumstances should it be entered into or disclosed to anyone outside the App.
Why the risk rises significantly during the second migration
The timing chosen by the scammers is not a coincidence; it precisely exploits the behavioral characteristics of users during the active period of the second migration. The second migration includes on-chain confirmations for referral rewards, with potentially larger asset amounts. Over 119,000 pioneer users are in a state of actively looking for migration instructions, have a higher level of trust in “official operation prompts,” and their awareness of prevention is relatively weaker.
The scammers exploit this sense of urgency and habitual trust—when users are actively processing the migration flow, a seemingly official “verification step” is the easiest to carry out without questioning.
Emergency Response Guide: Users whose seed phrases may have leaked must act immediately
If you have already entered a seed phrase on a suspicious page, time is critical. The following steps are recommended immediately:
Transfer assets out immediately: Before the scammers complete the transfer, move all PI tokens from the compromised wallet into a brand-new secure wallet as quickly as possible.
Stop using the old wallet: A wallet whose seed phrase has leaked should be considered no longer secure; revoke all related authorizations.
Recreate a new wallet: Generate a new 24-word seed phrase and update the related whitelist settings.
Notify the Pi Core Team: Submit the suspicious situation through the reporting feature in the official App.
Prevention principles are equally critical: Official 2FA exists only within the App. Scam pages often use urgent language such as “your account is about to expire” to pressure users. Stay calm, and carefully verify the source before performing any operation involving seed phrases.
Frequently Asked Questions
How do you tell a real Pi Network operation request from a phishing link?
All security verification functions of the official Pi Network only operate inside the official App. The Pi Core Team never sends 2FA links via SMS, email, Telegram, or any third-party website. Any request claiming that a seed phrase must be entered outside the App—no matter how convincing the page looks—should be immediately treated as a scam and the page should be closed.
After entering a seed phrase on a phishing site, is there still a chance to save the assets?
Time is the key factor. If you act immediately before the scammers complete the transfer, there is a chance to recover some assets. You need to create a new wallet right away and move all assets into the new wallet as quickly as possible. Once the scammers have completed the transfer, assets are usually not recoverable due to the irreversible nature of blockchain transactions; therefore, immediate reaction after discovery is the only effective response.
Why is the second migration period of Pi Network especially easy to become an attack target?
During the second migration, more than 119,000 users are in an active operation state. The migration for referral rewards means the potential asset size is larger, and users have a higher level of trust in “official instructions” when looking for migration guidance. This behavior pattern—users actively searching for operation steps—creates ideal conditions for social engineering attacks, which is the core reason scammers choose to launch dense attacks during this period.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Pi Network 18 million users complete KYC, and 26.5 million PI are issued to verifiers
Pi Network distributes 26.5 million PI tokens to more than 1 million community members who have completed KYC verification, to accelerate user identity verification and strengthen the decentralized model. 18 million already-verified users have laid the groundwork for the ecosystem’s development, but the key lies in how to convert these users into active participants. With the protocol upgrade, Pi Network is moving toward the open network phase, and smart contract support signals richer application scenarios.
MarketWhisper14h ago
Pi Network price hits a new 7-week low as a wave of 60 million token unlocks comes in
Pi Network's native token PI fell to $0.165 in April, hitting a 7-week low and leaving market sentiment weak. The unlock peak will release more than 60 million PI, adding downward pressure. Despite the core team recently publishing technical updates, it failed to improve market confidence and instead drew community criticism due to KYC access issues and the ongoing slide in price. Increased future supply could further drive prices lower.
MarketWhisper16h ago
Pi Network Distributes 26.5M PI to 1M KYC Validators
Pi Network has taken another step forward in building its ecosystem. The project recently distributed 26.5 million PI tokens to more than 1 million KYC validators.
These rewards were given to users who helped verify identities on the network. This process is important. Because it ensures that
Coinfomania04-13 13:30
Pi Network PIRC baseline protection mechanism sparks controversy, implying a “quasi-stablecoin” logic
Pi Network member Daniel F raised a logical contradiction in the PIRC token design, noting that if it has a 23.8% floor protection, it would need to behave like a stablecoin, which conflicts with its high volatility on CEX. This floor is based on Pi’s price calculations; if Pi itself fluctuates significantly, it will be unable to effectively protect holders. Daniel emphasized the importance of transparency, but the project team did not respond to it, leading the community to continue speculating about the reasons for its silence.
MarketWhisper04-13 02:23
Pi Network Major Transformation: 210 Ecosystem Applications Deployed, 23k Developers Ready
The Pi Network ecosystem is accelerating its transition, with more than 210 active applications and 23,000 developers actively participating in Pi Studio, spanning multiple areas such as payments, community engagement, education, and gaming. The ecosystem’s diversity shows indicators of healthy development, and developers’ engagement is driving ongoing application optimization. In the future, improving the usefulness of the mainnet will be a key challenge, including issues that need to be urgently addressed such as scalability, security, and user adoption rates.
MarketWhisper04-13 02:06
